The Role: Essential functions:

  • Develop and implement a strategic, long-term information security strategy to ensure that the company's information resources are adequately protected.
  • Lead the development of comprehensive information security policies, procedures, standards, and guidelines, and oversee their approval, dissemination, and maintenance.
  • Ensure that the information security management program enforces compliance with applicable policies, laws, regulations, and contractual requirements.
  • Lead efforts to monitor and maintain compliance with PCI, GDPR, POPIA and other applicable laws and regulations.
  • Work to strike an optimal balance between the needs of the business and the need for security, safety and data privacy in all aspects of Group IT operations.
  • Identify, evaluate, and report on information security risks, program developments, and improvement projects to the executive committees, and provide subject matter expertise on security standards and best practices.
  • Work with senior leaders across the business to identify and assess IT risks, establish risk tolerance, navigate risk acceptance processes, monitor remediation efforts, and implement mitigating and compensating controls necessary to reduce IT risks to acceptable levels.
  • Act as the champion for the enterprise information security program and foster a security-aware culture through creative and effective efforts towards ongoing Security Awareness Training & Education (SATE).
  • Develop, mentor, lead, and manage a high-performing cross-functional team of information security, risk, and compliance professionals.
  • Be an active participant and take a leadership role in relevant councils, committees, and working groups in areas related to IT Governance, Information Security, Data Governance, Identity & Access, and Privacy.
  • Supervise all aspects of security operations for the daily defence of the Group, including monitoring, detection, investigation, and response into attacks, vulnerabilities, and emergent threats.
  • Oversee the evaluation, selection and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.
  • Develop business-focused metrics to measure the effectiveness of the information security program, and work to increase the maturity of the program over time.
  • Oversee incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations and legal matters.

ADDITIONAL ROLE INPUT: SECTION 1: CATEGORY

Professional – Results primarily achieved by an individual or through project teams, with emphasis on technical/discipline knowledge rather than managing people. Requires the application of expertise in professional area(s) to achieve results. Reflects increasing depth of professional knowledge, project management and ability to influence others. Typically requires tertiary qualification or equivalent work experience that provides knowledge of and exposure to fundamental theories, principles and practices.

PROFESSIONAL

Recognized as an expert in own area within the organization. Has specialized depth and/or breadth of expertise in own discipline or function. Interprets internal or external issues and recommends solutions/best practices. Solves complex problems; takes a broad perspective to identify solutions. May lead functional teams or projects. Works independently, with guidance in only the most complex [URL Removed] and Experience:

Qualifications:

  • BSc / IT or related undergrad qualification

Experience required: Job Related Experience Required

  • General IT Management: 5-7 years
  • General Cybersecurity Management: 7-10 years
  • General Cybersecurity Practitioner / Engineer: 7-10 years
  • Project Management: 3-5 years

Job Related Knowledge Required

  • ISO 27001
  • Security Qualifications (CISMP, CISSP, CIRC, CISA)
  • Architecture & Security Process Analysis
  • MS365 Security Capabilities
  • Mimecast
  • SIEM Management
  • Vulnerability Management
  • Endpoint Security Management
  • Firewall Management
  • POPIA/GDPR Knowledge
  • Security Incident Response Management

How the role raises the bar

  • Strategic Conceptualizing Skills
  • Planning and Organising Skills
  • Communication: Verbal and written
  • Innovation Skills
  • Change Management Skills
  • Research Skills
  • Relationship and Networking Skills
  • Results Driven
  • Attributes essential to raising the bar
